]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/user_controller.rb
Replace attr_accessible with strong parameters
[rails.git] / app / controllers / user_controller.rb
index dfacb9d5a2a70d0a2b39d564117ca648c0f1f28f..6f2894e3da454764dbc673241500a947dc17b12e 100644 (file)
@@ -86,14 +86,28 @@ class UserController < ApplicationController
         @user.openid_url = nil if @user.openid_url and @user.openid_url.empty?
 
         if @user.save
-          flash[:piwik_goal] = PIWIK_SIGNUP_GOAL if defined?(PIWIK_SIGNUP_GOAL)
+          flash[:piwik_goal] = PIWIK["goals"]["signup"] if defined?(PIWIK)
+
+          referer = welcome_path
+
+          begin
+            uri = URI(session[:referer])
+            /map=(.*)\/(.*)\/(.*)/.match(uri.fragment) do |m|
+              editor = Rack::Utils.parse_query(uri.query).slice('editor')
+              referer = welcome_path({'zoom' => m[1],
+                                      'lat' => m[2],
+                                      'lon' => m[3]}.merge(editor))
+            end
+          rescue
+            # Use default
+          end
 
           if @user.status == "active"
-            session[:referer] = welcome_path
+            session[:referer] = referer
             successful_login(@user)
           else
             session[:token] = @user.tokens.create.token
-            Notifier.signup_confirm(@user, @user.tokens.create(:referer => welcome_path)).deliver
+            Notifier.signup_confirm(@user, @user.tokens.create(:referer => referer)).deliver
             redirect_to :action => 'confirm', :display_name => @user.display_name
           end
         else
@@ -237,7 +251,7 @@ class UserController < ApplicationController
     else
       session[:referer] = params[:referer]
 
-      @user = User.new(params[:user])
+      @user = User.new(user_params)
       @user.status = "pending"
 
       if @user.openid_url.present? && @user.pass_crypt.empty?
@@ -297,10 +311,14 @@ class UserController < ApplicationController
   end
 
   def confirm
-    if request.post? && (token = UserToken.find_by_token(params[:confirm_string]))
-      if token.user.active?
+    if request.post?
+      token = UserToken.find_by_token(params[:confirm_string])
+      if token && token.user.active?
         flash[:error] = t('user.confirm.already active')
         redirect_to :action => 'login'
+      elsif !token || token.expired?
+        flash[:error] = t('user.confirm.unknown token')
+        redirect_to :action => 'confirm'
       else
         user = token.user
         user.status = "active"
@@ -714,7 +732,7 @@ private
 
       cookies.permanent["_osm_username"] = user.display_name
 
-      if user.new_email.blank?
+      if user.new_email.blank? or user.new_email == user.email
         flash.now[:notice] = t 'user.account.flash update success'
       else
         user.email = user.new_email
@@ -791,4 +809,10 @@ private
     # it's .now so that this doesn't propagate to other pages.
     flash.now[:skip_terms] = true
   end
+
+  ##
+  # return permitted user parameters
+  def user_params
+    params.require(:user).permit(:email, :email_confirmation, :display_name, :openid_url, :pass_crypt, :pass_crypt_confirmation)
+  end
 end